Sets up ssh jail automatically. Warning: After launching the script do not forget to edit your sshd config file to add the ChrootDirectory option

Match User guest

Chroot Directory /jail/guest/

Match all

After the configuration restart the ssh server on systemd by typing sudo systemctl restart sshd

This allow user guest to be run only in the chroot environment Additionally it is possible to allow the sftp command by changing Subsystem to Subsystem sftp internal-sftp

  CFG_USERNAME Name of the user that will be locked in the chroot environment

  CFG_USERSHELL A default shell that the user can access in chroot (need to specify full path)

  CFG_JAILDIR A directory where user will be chrooted

  CFG_HOME_PERMISSION Access to the chroot directory (default 700, only the created user can access the directory)

  CFG_DEFAULT_PROGS A list of programs separated by a whitespace that the user can access. To add more programs please refer to the addtojail.sh documentation
 

run the addtojail.sh script. The first argument is the path to the jail directory. All of the other arguments are the names of the programs which will be added. The program needs to be in the PATH variable

cd path_to_the_folder
chmod +x sshjail_setup.sh
chmod +x addtojail.sh

Remove the chroot directory eg. sudo rm -rf /jail Delete the user and his home directory sudo userdel guest Optionally the guests home directory can be removed. Make sure to backup all important files and run sudo rm -rf /home/guest`

Arch Linux: linux-6.0.12-zen1-1-zen, Openssh 9